MM-12393 Server side of bot accounts. (#10378)

* bots model, store and api (#9903) * bots model, store and api Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119 * uncomment tests incorrectly commented, and fix merge issues * add etags support * add missing licenses * remove unused sqlbuilder.go (for now...) * rejig permissions * split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter implicitly allowing the former * make MANAGE_OTHERS_BOTS imply MANAGE_BOTS * conform to general rest api pattern * eliminate redundant http.StatusOK * Update api4/bot.go Co-Authored-By: lieut-data <jesse.hallam@gmail.com> * s/model.UserFromBotModel/model.UserFromBot/g * Update model/bot.go Co-Authored-By: lieut-data <jesse.hallam@gmail.com> * Update model/client4.go Co-Authored-By: lieut-data <jesse.hallam@gmail.com> * move sessionHasPermissionToManageBot to app/authorization.go * use api.ApiSessionRequired for createBot * introduce BOT_DESCRIPTION_MAX_RUNES constant * MM-13512 Prevent getting a user by email based on privacy settings (#10021) * MM-13512 Prevent getting a user by email based on privacy settings * Add additional config settings to tests * upgrade db to 5.7 (#10019) * MM-13526 Add validation when setting a user's Locale field (#10022) * Fix typos (#10024) * Fixing first user being created with system admin privilages without being explicity specified. (#10014) * Revert "Support for Embeded chat (#9129)" (#10017) This reverts commit 3fcecd521a. * s/DisableBot/UpdateBotActive * add permissions on upgrade * Update NOTICE.txt (#10054) - add new dependency (text) - handle switch to forked dependency (go-gomail -> go-mail) - misc copyright owner updates * avoid leaking bot knowledge without permission * [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049) * 6798 added a new api to get the bulk reactions for posts * 6798 added the permsission check before getting the reactions * GH-6798 added a new app function for the new endpoint * 6798 added a store method to get reactions for multiple posts * 6798 connected the app function with the new store function * 6798 fixed the review comments * MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055) Ticket: https://mattermost.atlassian.net/browse/MM-13559 Report: https://github.com/mattermost/mattermost-server/issues/10023 * Trigger Login Hooks with OAuth (#10061) * make BotStore.GetAll deterministic even on duplicate CreateAt * fix spurious TestMuteCommandSpecificChannel test failure See https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw * fix race in TestExportUserChannels * TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway * MM-13117: bot tokens (#10111) * eliminate redundant Client/AdminClient declarations * harden TestUpdateChannelScheme to API failures * eliminate unnecessary config restoration * minor cleanup * make TestGenerateMfaSecret config dependency explicit * TestCreateUserAccessToken for bots * TestGetUserAccessToken* for bots * leverage SessionHasPermissionToUserOrBot for user token APIs * Test(Revoke|Disable|Enable)UserAccessToken * make EnableUserAccessTokens explicit, so as to not rely on local config.json * uncomment TestResetPassword, but still skip * mark assert(Invalid)Token as helper * fix whitespace issues * fix mangled comments * MM-13116: bot plugin api (#10113) * MM-13117: expose bot API to plugins This also changes the `CreatorId` column definition to allow for plugin ids, as the default unless the plugin overrides is to use the plugin id here. This branch hasn't hit master yet, so no migration needed. * gofmt issues * expunge use of BotList in plugin/client API * introduce model.BotGetOptions * use botUserId term for clarity * MM-13129 Adding functionality to deal with orphaned bots (#10238) * Add way to list orphaned bots. * Add /assign route to modify ownership of bot accounts. * Apply suggestions from code review Co-Authored-By: crspeller <crspeller@gmail.com> * MM-13120: add IsBot field to returned user objects (#10103) * MM-13104: forbid bot login (#10251) * MM-13104: disallow bot login * fix shadowing * MM-13136 Disable user bots when user is disabled. (#10293) * Disable user bots when user is disabled. * Grammer. Co-Authored-By: crspeller <crspeller@gmail.com> * Fixing bot branch for test changes. * Don't use external dependancies in bot plugin tests. * Rename bot CreatorId to OwnerId * Adding ability to re-enable bots * Fixing IsBot to not attempt to be saved to DB. * Adding diagnostics and licencing counting for bot accounts. * Modifying gorp to allow reading of '-' fields. * Removing unnessisary nil values from UserCountOptions. * Changing comment to GoDoc format * Improving user count SQL * Some improvments from feedback. * Omit empty on User.IsBot
2025-02-25 18:55:24 -06:00 · 2019-03-05 07:06:45 -08:00
parent 80e0d01fe5
commit 06b579d18a
53 changed files with 5951 additions and 403 deletions
--- a/model/bot.go
+++ b/model/bot.go
@@ -0,0 +1,209 @@
+// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package model
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"unicode/utf8"
+)
+
+const (
+	BOT_DISPLAY_NAME_MAX_RUNES = USER_FIRST_NAME_MAX_RUNES
+	BOT_DESCRIPTION_MAX_RUNES  = 1024
+	BOT_CREATOR_ID_MAX_RUNES   = KEY_VALUE_PLUGIN_ID_MAX_RUNES // UserId or PluginId
+)
+
+// Bot is a special type of User meant for programmatic interactions.
+// Note that the primary key of a bot is the UserId, and matches the primary key of the
+// corresponding user.
+type Bot struct {
+	UserId      string `json:"user_id"`
+	Username    string `json:"username"`
+	DisplayName string `json:"display_name,omitempty"`
+	Description string `json:"description,omitempty"`
+	OwnerId     string `json:"creator_id"`
+	CreateAt    int64  `json:"create_at"`
+	UpdateAt    int64  `json:"update_at"`
+	DeleteAt    int64  `json:"delete_at"`
+}
+
+// BotPatch is a description of what fields to update on an existing bot.
+type BotPatch struct {
+	Username    *string `json:"username"`
+	DisplayName *string `json:"display_name"`
+	Description *string `json:"description"`
+}
+
+// BotGetOptions acts as a filter on bulk bot fetching queries.
+type BotGetOptions struct {
+	OwnerId        string
+	IncludeDeleted bool
+	OnlyOrphaned   bool
+	Page           int
+	PerPage        int
+}
+
+// BotList is a list of bots.
+type BotList []*Bot
+
+// Trace describes the minimum information required to identify a bot for the purpose of logging.
+func (b *Bot) Trace() map[string]interface{} {
+	return map[string]interface{}{"user_id": b.UserId}
+}
+
+// Clone returns a shallow copy of the bot.
+func (b *Bot) Clone() *Bot {
+	copy := *b
+	return &copy
+}
+
+// IsValid validates the bot and returns an error if it isn't configured correctly.
+func (b *Bot) IsValid() *AppError {
+	if !IsValidId(b.UserId) {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.user_id.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	if !IsValidUsername(b.Username) {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.username.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	if utf8.RuneCountInString(b.DisplayName) > BOT_DISPLAY_NAME_MAX_RUNES {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.user_id.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	if utf8.RuneCountInString(b.Description) > BOT_DESCRIPTION_MAX_RUNES {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.description.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	if len(b.OwnerId) == 0 || utf8.RuneCountInString(b.OwnerId) > BOT_CREATOR_ID_MAX_RUNES {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.creator_id.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	if b.CreateAt == 0 {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.create_at.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	if b.UpdateAt == 0 {
+		return NewAppError("Bot.IsValid", "model.bot.is_valid.update_at.app_error", b.Trace(), "", http.StatusBadRequest)
+	}
+
+	return nil
+}
+
+// PreSave should be run before saving a new bot to the database.
+func (b *Bot) PreSave() {
+	b.CreateAt = GetMillis()
+	b.UpdateAt = b.CreateAt
+	b.DeleteAt = 0
+}
+
+// PreUpdate should be run before saving an updated bot to the database.
+func (b *Bot) PreUpdate() {
+	b.UpdateAt = GetMillis()
+}
+
+// Etag generates an etag for caching.
+func (b *Bot) Etag() string {
+	return Etag(b.UserId, b.UpdateAt)
+}
+
+// ToJson serializes the bot to json.
+func (b *Bot) ToJson() []byte {
+	data, _ := json.Marshal(b)
+	return data
+}
+
+// BotFromJson deserializes a bot from json.
+func BotFromJson(data io.Reader) *Bot {
+	var bot *Bot
+	json.NewDecoder(data).Decode(&bot)
+	return bot
+}
+
+// Patch modifies an existing bot with optional fields from the given patch.
+func (b *Bot) Patch(patch *BotPatch) {
+	if patch.Username != nil {
+		b.Username = *patch.Username
+	}
+
+	if patch.DisplayName != nil {
+		b.DisplayName = *patch.DisplayName
+	}
+
+	if patch.Description != nil {
+		b.Description = *patch.Description
+	}
+}
+
+// ToJson serializes the bot patch to json.
+func (b *BotPatch) ToJson() []byte {
+	data, err := json.Marshal(b)
+	if err != nil {
+		return nil
+	}
+
+	return data
+}
+
+// BotPatchFromJson deserializes a bot patch from json.
+func BotPatchFromJson(data io.Reader) *BotPatch {
+	decoder := json.NewDecoder(data)
+	var botPatch BotPatch
+	err := decoder.Decode(&botPatch)
+	if err != nil {
+		return nil
+	}
+
+	return &botPatch
+}
+
+// UserFromBot returns a user model describing the bot fields stored in the User store.
+func UserFromBot(b *Bot) *User {
+	return &User{
+		Id:        b.UserId,
+		Username:  b.Username,
+		Email:     fmt.Sprintf("%s@localhost", strings.ToLower(b.Username)),
+		FirstName: b.DisplayName,
+	}
+}
+
+// BotListFromJson deserializes a list of bots from json.
+func BotListFromJson(data io.Reader) BotList {
+	var bots BotList
+	json.NewDecoder(data).Decode(&bots)
+	return bots
+}
+
+// ToJson serializes a list of bots to json.
+func (l *BotList) ToJson() []byte {
+	b, _ := json.Marshal(l)
+	return b
+}
+
+// Etag computes the etag for a list of bots.
+func (l *BotList) Etag() string {
+	id := "0"
+	var t int64 = 0
+	var delta int64 = 0
+
+	for _, v := range *l {
+		if v.UpdateAt > t {
+			t = v.UpdateAt
+			id = v.UserId
+		}
+
+	}
+
+	return Etag(id, t, delta, len(*l))
+}
+
+// MakeBotNotFoundError creates the error returned when a bot does not exist, or when the user isn't allowed to query the bot.
+// The errors must the same in both cases to avoid leaking that a user is a bot.
+func MakeBotNotFoundError(userId string) *AppError {
+	return NewAppError("SqlBotStore.Get", "store.sql_bot.get.missing.app_error", map[string]interface{}{"user_id": userId}, "", http.StatusNotFound)
+}